Aug 1, 2018

Shipt Subdomain TakeOver via HeroKu ( test.shipt.com )

(test.shipt.com) Subdomain Takeover via Heroku

I noticed that Shipt had become a public program, so I started scanning for subdomain takeover with a takeover tool I had edited myself.

It detected a possible takeover on test.shipt.com, as it has an A record pointing to michael.shipt.com.herokudns.com.

I tried going directly to michael.shipt.com.herokudns.com; the page was not found 😀

So I claimed it on Heroku.

Then I uploaded a simple Node.js app to provide more of a POC only.
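The check the write-up describes (a hostname whose DNS target sits under herokudns.com and answers with Heroku's "not found" page) is the same check a zone owner should run against their own records before someone else does. The script below is an added example, not the author's tool or anything from Shipt or Heroku: it audits a list of hostnames, classifies each as no-cname, not-heroku, unreachable, claimed or dangling, and takes the resolver and HTTP fetcher as injected functions so it runs offline against constructed example.com records. The unclaimed-page markers ("No such app", "There's nothing here, yet") are an assumption about Heroku's response text, and the example.com names and bodies are constructed sample data.

```python
"""Dangling-CNAME audit for hostnames that point at Heroku (added example).

Resolver and fetcher are injected so the audit runs offline against the
constructed sample data below; pass live functions to check a real zone.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
import urllib.error
import urllib.request

HEROKU_DNS_SUFFIX = ".herokudns.com"
# Assumed fingerprint of Heroku's page for a hostname no app has claimed.
UNCLAIMED_MARKERS = ("no such app", "there's nothing here, yet")

Resolver = Callable[[str], Optional[str]]   # hostname -> CNAME target or None
Fetcher = Callable[[str], Optional[str]]    # hostname -> HTTP body or None


@dataclass
class Finding:
    hostname: str
    target: str
    status: str  # "no-cname" | "not-heroku" | "unreachable" | "claimed" | "dangling"


def is_heroku_target(target: str) -> bool:
    """True when a CNAME target lies under herokudns.com (trailing dot tolerated)."""
    return target.lower().rstrip(".").endswith(HEROKU_DNS_SUFFIX)


def looks_unclaimed(body: str) -> bool:
    """True when the response body carries an unclaimed-app marker."""
    low = body.lower()
    return any(marker in low for marker in UNCLAIMED_MARKERS)


def audit_hostname(hostname: str, resolve_cname: Resolver, fetch_body: Fetcher) -> Finding:
    """Classify one hostname; only Heroku-bound names are fetched over HTTP."""
    target = resolve_cname(hostname)
    if target is None:
        return Finding(hostname, "", "no-cname")
    if not is_heroku_target(target):
        return Finding(hostname, target, "not-heroku")
    body = fetch_body(hostname)
    if body is None:
        # Could not tell either way; report it rather than guess.
        return Finding(hostname, target, "unreachable")
    return Finding(hostname, target, "dangling" if looks_unclaimed(body) else "claimed")


def audit_zone(hostnames: List[str], resolve_cname: Resolver, fetch_body: Fetcher) -> List[Finding]:
    return [audit_hostname(h, resolve_cname, fetch_body) for h in hostnames]


def dangling_hostnames(findings: List[Finding]) -> List[str]:
    return [f.hostname for f in findings if f.status == "dangling"]


def live_fetch_body(hostname: str, timeout: float = 5.0) -> Optional[str]:
    """Live fetcher for real use: keeps a 404 body, since that is where the
    unclaimed-app text appears; returns None when no HTTP answer came back."""
    try:
        with urllib.request.urlopen(f"http://{hostname}/", timeout=timeout) as resp:
            return resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.read(65536).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None


# Constructed sample records (example.com names, not real DNS data).
SAMPLE_CNAMES: Dict[str, str] = {
    "test.example.com": "test.example.com.herokudns.com.",   # unclaimed on Heroku
    "app.example.com": "app.example.com.herokudns.com.",     # claimed, serving an app
    "www.example.com": "www.example.com.cdn.example.net.",   # not Heroku at all
    "mail.example.com": "down.example.com.herokudns.com.",   # Heroku target, no HTTP answer
}
SAMPLE_BODIES: Dict[str, Optional[str]] = {
    "test.example.com": "<html><body><h1>No such app</h1></body></html>",
    "app.example.com": "<html><body>Welcome to our app</body></html>",
    "mail.example.com": None,
}


def sample_resolve_cname(hostname: str) -> Optional[str]:
    return SAMPLE_CNAMES.get(hostname)


def sample_fetch_body(hostname: str) -> Optional[str]:
    return SAMPLE_BODIES.get(hostname)


def run_sample() -> List[Finding]:
    """Audit the constructed zone plus one name with no CNAME at all."""
    names = list(SAMPLE_CNAMES) + ["static.example.com"]
    return audit_zone(names, sample_resolve_cname, sample_fetch_body)


if __name__ == "__main__":
    for finding in run_sample():
        print(f"{finding.hostname:22} {finding.status:11} {finding.target}")
```

Against the constructed records only test.example.com comes back as dangling; mail.example.com is reported as unreachable rather than dangling, because a connection failure says nothing about whether the Heroku name is claimed. For a real zone, supply a CNAME resolver (for example one built on dnspython) and live_fetch_body, and treat every dangling result as a record to delete or re-point before the name is claimed by someone else.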




The team was very fast.

Reported to Shipt: Jul 28th

Triaged: 28th

Fixed and rewarded in 10 min



Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student

12 comments:

1. Assalamualaikum brother, can you share that subdomain scanner tool which you have developed?

2. Please check your Facebook message inbox. Need urgent help.

3. Can you provide the step-by-step guide to do it?

4. Can you please provide a step-by-step procedure?

5. While following your report I tried to claim one of the subdomains. However, I am getting an error stating that "Domain is currently use by another app". Am I missing something? Help appreciated.

   Reply: Sorry, but this means you can't claim it; it's already in another account.

6. In the case of connecting from Shopify itself, when you tried to connect to those vulnerable subdomains and then verified the connection, did a message appear to you that this domain is available and you need to buy it for $14.00? Or were you automatically redirected into those subdomains after verifying the connection?

   I'm a little confused about whether I should buy this subdomain and report it or not.

   Thanks in advance.

   Reply: If you mean you want to report it to the Shopify program, don't waste your time and money; they don't pay.